CVE-2022-27925
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
CVSS
—
Sin CVSS
EPSS
98.6%
p100
KEV
SÍ
11 ago 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Synacor / Zimbra Collaboration Suite (ZCS)
Vulnerabilidad
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
Añadido a KEV
11 ago 2022
Remediar antes de
1 sept 2022
Uso conocido en ransomware
Sí
Descripción resumida
Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.
Acción requerida
Apply updates per vendor instructions.
Notas
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2022-27925